package com.cskaoyan.config;

import com.cskaoyan.realm.AdminRealm;
import com.cskaoyan.realm.MarketAuthenticator;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.authz.ModularRealmAuthorizer;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.List;

@Configuration
public class ShiroConfig {

    //ShiroFilterFactoryBean
    /*@Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        //shiroFilterFactoryBean.setLoginUrl("/302");//默认值是login.jsp
        //FilterChain → Map
        //key：请求url      value：filter
        //filter是需要有先后顺序 → LinkedHashMap
        LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        //value 字符串 使用对应的字符串，就给你匹配对应的filter
        //anon authc perm
        //配置一个默认的Filter → invalidRequest → 重定向 302 /login.jsp
        filterChainDefinitionMap.put("/admin/auth/login", "anon");
        //filterChainDefinitionMap.put("/admin/auth/info", "anon");
        filterChainDefinitionMap.put("/admin/storage/create", "anon");
        //filterChainDefinitionMap.put("/302", "anon");
        filterChainDefinitionMap.put("/**", "authc");

        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return shiroFilterFactoryBean;
    }*/


    //SecurityManager
    @Bean
    public DefaultWebSecurityManager securityManager(List<Realm> realms,DefaultWebSessionManager sessionManager,ModularRealmAuthenticator authenticator) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //securityManager.setRealm(adminRealm);
        securityManager.setRealms(realms);
        //使用默认的认证器和授权器 → 这个realm就会给到默认的认证器和授权器
        securityManager.setSessionManager(sessionManager);
        securityManager.setAuthenticator(authenticator);
        return securityManager;
    }

    @Bean
    public ModularRealmAuthenticator authenticator(List<Realm> realms) {
        ModularRealmAuthenticator authenticator = new MarketAuthenticator();
        authenticator.setRealms(realms);
        return authenticator;
    }

    //SessionManager → 解决跨域过程中的session变化
    /*@Bean
    public DefaultWebSessionManager sessionManager() {
        MarketSessionManager marketSessionManager = new MarketSessionManager();
        marketSessionManager.setGlobalSessionTimeout(5000000);
        return marketSessionManager;
    }*/

    //声明式鉴权需要的组件
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }

}
